Risk 5 : Web Services

The web server contains an application which may have a vulnerability. If the vulnerability is present, an unauthorized user could read files, change files, or execute commands on the server.

The Hypertext Transfer Protocol (HTTP) allows a client to access HTML pages and other web applications using a web browser. HTTP servers contain programs which perform functions on the server at the request of the client (when a form is submitted, for example), and transmit results to the client's browser in the form of an HTML page.

csSearch.cgi, csGuestbook.cgi, csLiveSupport.cgi, csNews.cgi, csChatRBox.cgi

06/13/13
03/28/02 04/30/02
CVE-2002-0495, CVE-2002-1750, CVE-2002-1751, CVE-2002-1752, CVE-2002-1753

These scripts, developed by CGIScript.net, store their configuration information in a file called setup.cgi which is executed whenever the script runs. Due to a vulnerability in these scripts, it is possible for a remote attacker to write arbitrary commands to the setup.cgi file, which are subsequently executed.

Resolution: The freeware version of csSearch can be upgraded to version 2.5 or higher. If you are using any other CGIScript product, contact the vendor to determine whether you are vulnerable and to obtain the patch. (Reference)
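The weakness described above comes from executing a settings file that request data can reach. As an added example (not CGIScript.net code and not part of the original page), the sketch below reads such a file as data with a strict parser and reports every line that is not a plain assignment. The file format, the `parse_setup` helper and the sample content are assumptions made for illustration.

```python
import re

# Assumed format (not taken from the CGIScript.net products): one Perl scalar
# assignment per line with a single-quoted literal, e.g.  $title = 'My site';
# Single-quoted Perl strings do not interpolate, so the value is pure data.
ASSIGNMENT = re.compile(
    r"""^\$(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*
        '(?P<value>(?:[^'\\]|\\['\\])*)'\s*;\s*$""",
    re.VERBOSE,
)
UNESCAPE = re.compile(r"\\(['\\])")


def parse_setup(text):
    """Parse settings without executing them.

    Returns (settings, rejected). rejected holds (line_number, line) pairs for
    every line that is not a blank, a comment, or a plain assignment; a
    non-empty list means the file should not be trusted or executed.
    """
    settings, rejected = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if match is None:
            rejected.append((number, line))
            continue
        # Undo the only two escapes a single-quoted literal allows: \' and \\
        settings[match.group("name")] = UNESCAPE.sub(r"\1", match.group("value"))
    return settings, rejected


# Constructed sample, not a real setup.cgi. Lines 5 and 6 show content a
# configuration file should never contain: a second statement, and a
# double-quoted string that Perl would interpolate.
SAMPLE = """\
# constructed sample
$title = 'Site search';
$results_per_page = '25';
$owner = 'O\\'Brien';
$banner = ''; print 'tampered'; $x = '';
$footer = "Hello $ENV{PATH}";
"""

if __name__ == "__main__":
    parsed, bad = parse_setup(SAMPLE)
    print(parsed)
    for number, line in bad:
        print(f"line {number}: not a plain assignment: {line}")
```

Run against a copy of the settings file, a non-empty rejected list is a signal to restore the file from a known-good source before the script is served again.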

csSearch.cgi, csGuestbook.cgi, csLiveSupport.cgi, csNews.cgi, csChatRBox.cgi: The vulnerability in csSearch was posted to Bugtraq as archive 264169 (http://www.securityfocus.com/archive/1/264169). The vulnerabilities in the other products were also posted to Bugtraq, as archive 266432 (http://www.securityfocus.com/archive/1/266432).

